It has emerged that a popular tool meant to ward off malware contained a flaw that put millions of people's personal data at risk. AVG's ‘Web TuneUp’ software is marketed as a free way for users to defend themselves from ‘hidden threats’. But in mid-December, Google's security team spotted that it was overriding safety features built into the search firm's Chrome browser. AVG said it had addressed the problem, but it now faces repercussions.

Google warned that Web TuneUp was ‘force installing’ a plug-in into Chrome, meaning that users of the product had no way to opt out of it altering the browser's settings. As a result, people's internet history and other personal data could be seen by others if they knew where to look online. Furthermore, the code could potentially let hackers spy on people's email and other online activities.

AVG confirmed the fact in a statement. "We thank the Google Security Research Team for making us aware of the vulnerability with the Web TuneUp optional Chrome extension," it said. "The vulnerability has been fixed; the fixed version has been published and automatically updated to users."

However, Google also informed AVG that it would be prevented from auto-installing the plug-in for new Web TuneUp users as a consequence of the debacle. "Inline installations are disabled while the CWS [Chrome Web Store] team investigates possible policy violations," said a Google spokesman.
This is the second time a problem with AVG's products has been highlighted this year. In March, researchers at Ensilo flagged that the firm's Internet Security 2015 program had contained a bug that made it possible for hackers to add code to Windows PCs that would disable some of Microsoft's own protection measures.